myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Udo Schnurpfeil (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Resolved] (TOBAGO-1790) CSP definition must be appendable
Date Thu, 14 Sep 2017 11:55:00 GMT

     [ https://issues.apache.org/jira/browse/TOBAGO-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Udo Schnurpfeil resolved TOBAGO-1790.
-------------------------------------
       Resolution: Fixed
    Fix Version/s: 4.0.0

> CSP definition must be appendable
> ---------------------------------
>
>                 Key: TOBAGO-1790
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1790
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>             Fix For: 4.0.0
>
>
> Currently there is no possibility to define CSP headers twice. It's not supported by
the specification. If a key is set twice, the first counts, the second will be ignored.
> So, the values have to be merged.
> To be more convenient, the "directive" tags gets a new attribute "name".
> Example:
> {code}
> <directive name="script-src">'self'</directive>
> <directive name="script-src">'unsafe-eval'</directive>
> {code}
> Result:
> {code}
> script-src 'self 'unsafe-eval'
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message